AWS Certified SysOps Administrator – Associate — Question 290
A company stores files on 50 Amazon S3 buckets in the same AWS Region. The company wants to connect to the S3 buckets securely over a private connection from its Amazon EC2 instances. The company needs a solution that produces no additional cost.
Which solution will meet these requirements?
Answer options
- A. Create a gateway VPC endpoint for each S3 bucket. Attach the gateway VPC endpoints to each subnet inside the VPC.
- B. Create an interface VPC endpoint for each S3 bucket. Attach the interface VPC endpoints to each subnet inside the VPC.
- C. Create one gateway VPC endpoint for all the S3 buckets. Add the gateway VPC endpoint to the VPC route table.
- D. Create one interface VPC endpoint for all the S3 buckets. Add the interface VPC endpoint to the VPC route table.
Correct answer: C
Explanation
Gateway VPC endpoints for Amazon S3 are free of charge and route traffic to all S3 buckets in the Region via the VPC route table, making Option C the ideal cost-effective solution. Interface VPC endpoints, as proposed in Options B and D, incur hourly and data processing charges. Furthermore, creating an individual endpoint for each of the 50 buckets, as suggested in Option A, is unnecessary because a single gateway endpoint can service all S3 buckets in the Region.